Error code 520 returns when POST API accessing VIP of vCloud Director using NSX-T Native LoadBalancer
search cancel

Error code 520 returns when POST API accessing VIP of vCloud Director using NSX-T Native LoadBalancer

book

Article ID: 423876

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • POST API "/cloudapi/1.0.0/sessions/provider" is sent to VIP of vCloud Director and Error Code 520 returns

  • Load Balancer Rules/Conditions in "HTTP Access" are used to only allow dedicated IP addresses (Condition: IP Header Source) to access URI contains "provider"
  • The Access log of Virtual Server shows "Error.Reason: 'LB rule drop action' "
  • The Client.Ip from Access log is NOT the real IP address that is sending POST API

 

 

Environment

VMware NSX

Cause

The Source IP that is sending POST API is NOT the real Client IP address that is accessing the Virtual Server, the Source IP is translated/NATed before reaching the Virtual Server

Resolution

Add the real Client IP to Condition : "IP Header Source" and Source Type: "Group" and set "Negate" on.

Additional Information

https://knowledge.broadcom.com/external/article/376344/troubleshooting-nsx-native-load-balancer.html

Powered by Wolken Software